Académique Documents
Professionnel Documents
Culture Documents
1.5.1Create Sites............................................................................................................................................................ 9
2.1.1Add a Map............................................................................................................................................................. 13
3.3.1No Authentication............................................................................................................................................. 36
3.3.2Simple Password............................................................................................................................................... 37
3.3.3Hotspot.................................................................................................................................................................. 38
3.7 QoS..................................................................................................................................................................................49
3.8 System...........................................................................................................................................................................52
3.8.1Reboot Schedule............................................................................................................................................... 52
3.8.2Log Setting........................................................................................................................................................... 52
3.8.3Device Account.................................................................................................................................................. 54
3.8.4LED.......................................................................................................................................................................... 54
3.8.5SSH......................................................................................................................................................................... 55
3.8.6Management VLAN........................................................................................................................................... 55
3.8.7Backup&Restore................................................................................................................................................ 56
3.8.8Batch Upgrade.................................................................................................................................................... 56
4.1.1Overview............................................................................................................................................................... 58
4.1.2LAN.......................................................................................................................................................................... 58
4.1.3Radio....................................................................................................................................................................... 59
4.2.1User......................................................................................................................................................................... 59
4.2.2Guest...................................................................................................................................................................... 60
4.3.1Basic Config......................................................................................................................................................... 60
4.3.2IP Setting............................................................................................................................................................... 61
4.3.3Radio....................................................................................................................................................................... 61
4.3.4Load Balance....................................................................................................................................................... 63
4.3.5WLANs................................................................................................................................................................... 63
4.3.6Trunk Settings.................................................................................................................................................... 64
4.3.7Rouge AP Detection......................................................................................................................................... 64
6Application Example...................................................................................................70
6.1 Basic Configuration...................................................................................................................................................71
6.2.4Configure Scheduler........................................................................................................................................ 75
1 Quick Start
The EAP Controller is a management software for the TP-Link EAP devices. It allows you to centrally
manage your EAP devices using a web browser. You can configure EAPs in batches and conduct
real-time monitoring of each EAP in the network.
Follow the steps below to complete the basic settings of the EAP Controller.
1
1.1 Determine the Network Topology
There are two kinds of network topologies to centrally manage EAPs via the EAP Controller:
Determine your management method according to your need and refer to the following
introductions to build your network toplogy.
A router acts as a DHCP server to assign IP addresses to EAPs and clients. EAP Controller should
be installed on one host, which is called as Controller Host. The other hosts in the same LAN can
access the Controller Host to manage the network. Taking the following topology as an example,
you can enter 192.168.0.100:8043 in a web browser on Host B to visit the EAP Controller interface
on Host A. It's recommended to set a static IP address to the Controller Host for the convenient
login to the EAP Controller interface.
EAP Controller
EAPs
Host B
IP: 192.168.0.200/24
Clients
Note
The EAP Controller must be running all the time when you manage the network.
The EAP Controller can be running on only one host in a LAN. When other users in the LAN try to launch EAP
Controller on their own hosts, they will be redirected to the host that is already running EAP Controller.
2
1.1.2Management in Different Subnets
If your EAP Controller and EAPs are in different subnets, refer to the following topology.
A router acts as the gateway of the network. A layer 3 switch acts as a DHCP server to assign IP
addresses to EAPs and clients. The Controller Host and the EAPs are connected to the switch's
different network segments. To help the EAPs find the Controller Host, EAP Discover Utility should
be installed on Host B which is in the same subnet with the EAPs. For how to use EAP Discovery
Utility, refer to 1.3 Inform the EAPs the Controller Host's Address for detailed instructions.
192.168.2.0/24
EAPs
EAP
Discovery Utility
Host B
IP: 192.168.2.100/24
Clients
operation system and follow the introductions below to install EAP Controller.
System Requirements
Operating System: Microsoft Windows XP/Vista/7/8/10.
Web Browser: Mozilla Firefox 32 (or above), Google Chrome 37 (or above), Opera 24 (or above), or
Microsoft Internet Explorer 11 (or above).
3
Note
We recommend that you deploy the EAP controller on a 64-bit operating system to guarantee the software
stability.
System Requirements
Operating System: 64-bit Linux operating system, including 16.04/17.04, CentOS 7.2/7.3 and
Fedora 24/25.
Web Browser: Mozilla Firefox 32 (or above), Google Chrome 37 (or above), Opera 24 (or above), or
Microsoft Internet Explorer 11 (or above).
Follow the steps below to install EAP Controller on your Linux PC:
1.Make sure your PC is runnning in root mode. You can use this command to enter root mode:
sudo
Tips
To uninstall EAP Controller, go to the insatllation path: /opt/tplink/EAPController, and run the command:
sudo ./uninstall.sh.
During uninstallation, you can choose whether to backup the database.The backup folder is /opt/tplink/
EAPController/eap_db_backup.
During installation, you will be asked whether to restore the database if there is any backup database in the
folder /opt/tplink/EAPController/eap_db_backup.
4
1.3 Inform the EAPs of the Controller Host's Address
If your Controller Host and EAPs are in the same network segment, you can skip this section.
If your Controller Host and EAPs are in different subnets, you need to install EAP Discovery Utility
on a host that is in the same network segment with the EAPs. EAP Discovery Utility can help the
EAPs find the Controller Host.
System Requirements
WinXP/Vista/7/8/8.1/10/Server2008/Server2012
Mac OS X 10.7/10.8/10.9/10.10/10.11
2.Open the EAP Discovery Utility and the following window will pop up. This window shows the
information of all EAPs in the same LAN.
3.Click manage in the Action column or select multiple EAPs and click Batch Setting.
5
4.Enter the hostname or IP address of the Controller Host.
5.Enter the EAPs username and password (both are admin by default).
6.Click Apply to inform the EAP of the Controller's hostname or IP address. And then the
connection can be established between the EAP and the Controller Host.
To launch EAP Controller on a Windows host, double click the icon and the following window will
pop up. You can click Hide to hide this window but do not close it. After a while, your web browser
will automatically open.
6
Note
If your browser does not open automatically, click Launch a Browser to Manage Wireless Network. You can
also launch a web browser and enter http://127.0.0.1:8088 in the address bar.
If your web browser opens but prompts a problem with the website's security certificate, click Continue.
1.Start the EAP Controller service using the command: tpeap start.
2.Launch a web browser and enter http://127.0.0.1:8088 in the address bar to visit the web page of
EAP Controller.
Tips
You can also use the following commands to stop the service or view the service status:
To stop the service: tpeap stop
To view the service status: tpeap status
1.The EAP Controller displays all the detected EAPs in the network. Select the one or more EAPs
to be managed and click Next.
2.Set the SSID name (wireless network name) and password for the EAPs to be managed. The EAP
Controller will create two wireless networks, a 2.4GHz one and a 5GHz one both encrypted in the
WPA2-PSK mode. Click Next.
7
3.Specify a username and a password to create an administrator account. Specify the email
address to receive the notification emails and reset your password if necessary. Click Next.
Note
After logging into the EAP Controller, please set a mail server so that you can receive the notification emails
and reset your password in case that you forget the password. Please refer to Configure Mail Server.
8
1.4.3Log in to the Management Interface
Once the basic configuration is finished, the browser will be redirected to the following page. Log
in to the management interface of EAP Controller with the username and password you have set in
the basic configuration.
Note :
In addition to the Controller Host, other hosts in the same LAN can also manage EAP devices via remote
access to the Controller Host. For example, when the IP address of the Controller Host is 192.168.0.100
and the EAP Controller is running normally on this host, you can enter https://192.168.0.100:8043/login, or
https://192.168.0.100:8043, or http://192.168.0.100:8088 in the web browser of other hosts in the same LAN
to log into the management interface and manage EAP devices.
1.5.1Create Sites
Follow the steps below to add sites.
1.Click in the top left corner of the page and select , and then the following
window will pop up.
9
3.Click Apply to create the site.
To ensure that all EAPs are adopted, follow the steps below:
1.Select a site and go to Access Points > Pending. The table displays all the EAPs that have not
been adopted.
2.Click the Retry button in the Action column and enter the current username and password of the
EAP. Click Apply.
Tips
If you have a new discovered EAP, you can click the Adopt button in the Action column to adopt the EAP. The
EAP Controller will automatically adopt the EAP using the default username and password (both are admin).
If you have multiple new discovered EAPs, and all of them have the default username and password (both
are admin), you can click the Batch Adopt button to adopt them all at once. But if there are any EAPs with the
Retry button, it means that the username and password of these EAPs have been changed. You need to first
adopt them before batch adopt the rest EAPs.
3.Wait for a moment, the EAPs will be adopted and the status will change to Connected. All the
EAPs username and password will become the same as those of the Controller's administrator
account you created in the Basic Configuration.
Tips
If you want to change the EAPs' username and password, please refer to Device Account.
10
1.6 Monitor and Manage the EAPs
When all the configurations above are finished, you can centrally monitor and manage the EAPs via
the EAP Controller's management interface. The management interface is mainly divided into three
sections as the following screen.
Section A In Section A, you can check the status of EAPs and clients in the network. Also,
you can click to refresh the current page, click to globally configure the
wireless network, and click to sign out from the management interface.
Furthermore, the Sites allows you to group your EAPs and manage them in
batches. To configure sites, refer to Create Sites.
Section B In Section B, you can centrally monitor and manage the EAPs and clients.
Section C In Section C, you can globally configure the wireless network. The global
configurations will take effect on all the adopted EAPs.
11
2 Monitor and Manage the Network
With the EAP Controller you can monitor the EAP devices and centrally manage your wireless
network. This chapter includes the following sections:
View Logs
View Alerts
12
2.1 Monitor the Network with the Map
You can upload your local map images and monitor the status and coverage range of each EAP with
the map. When you initially launch the EAP Controller, a default map is displayed as the following
figure shows. Follow the instructions below to add your own map and manage the EAPs via the map.
2.1.1Add a Map
Prepare a map image in .jpg, .gif, or .png format. And then follow the steps below to add the map to
the EAP Controller.
1.Click Configure Maps on the upper right corner of map and click Add.
2.Enter the map description, select your map image, and click Create.
3.Select your local map from the drop-down list on the upper right corner of map area.
13
4.Click . Draw a line on the map and enter the distance the line represents. Then the EAP
Controller will compute and generate the map scale automatically based on your configuration.
5.Drag the EAPs from the Unplaced APs list to the appropriate locations on the map according to
their actual locations.
14
Unlock the selected EAP and you can drag it to another location.
Display the EAP's details and configure the wireless parameters. Refer to
Configure the EAPs Separately.
Remove the selected EAP back into the Unplaced APs list.
Label Display the EAPs name. The default name is the MAC address of the EAP.
Coverage Display a visual representation of the wireless range covered by EAPs. The
actual signal coverage may be smaller than the visual coverage on the map
because the obstacles around the EAPs will weaken the signal.
15
2.2 View the Statistics of the Network
The EAP Controller collects all statistics of the managed EAPs and displays the statistical
information via graphs, pie charts and tables, providing an overview of your wireless network.
16
Most Active AP The current connected AP with the maximum traffic.
Most Active The current connected client with the maximum traffic.
Client
All-time Top The client with the maximum traffic among all the clients that have ever
Client accessed the EAP network.
%Clients The proportion of current connected clients to the Top EAPs' total client
amount.
Traffic The total amount of data transmitted by this EAP, which equals the sum of the
transmission traffic of all the current clients that connect to the AP.
%Traffic The proportion of the EAP's current data transmission amount to the Top EAPs'
total transmission amount.
17
The left ordinate axis indicates the traffic and the right one represents the number of the clients.
The abscissa axis shows the selected time period. Traffic indicates a visual graph of the network
traffic during the selected time period. Client indicates a visual graph of the number of the
connected clients during the selected time period. For example, the statistics information at 10:00
indicates the traffic size and client number from 9:00 to 10:00. In the following figure, at 10 oclock,
the traffic is about 8 and there is 1 client connected to the AP.
18
Connected Displays the connected EAPs.
Only connected EAPs can be managed. After you adopt a pending EAP, its status will
become provisioning and then connected. A connected EAP will turn into a pending
one after you forget this EAP. You can refer to Forget this AP to forget a EAP or click
Forget All on the page to forget all the connected EAPs.
Overview Overview displays the EAP's name/MAC address, IP address, status, model, software
version, number of connected clients and download/upload bytes.
Config Config displays the EAP's name/MAC address, IP address, status, model, software
version, WLAN Group bounded with the 2G and 5G of the EAP, and radio of the 2G and
5G.
Performance Performance displays the EAP's name/MAC address, IP address, status, model,
software version, number of connected 2G clients and 5G clients, TX(Downloaded
Traffic), RX(Uploaded Traffic), TX 2G and TX 5G.
19
Upgrade the EAP.
Click Browse to locate and choose the upgrade file in your computer, then click
Upgrade to install the latest EAP firmware. The Status will appear as Upgrading until
the process is complete and the EAP reconnects to the EAP Controller.
Note
Only managed EAPs can be rebooted or upgraded.
If you want to login to the EAP's own management interface, you need to forget the EAP before that.
You can click the following tabs to respectively view the detailed information of users and guests.
All Clients The page will display the information of all clients including users and guests.
20
Users The page will display the information of Users.
If the client is Guest, you can click this icon to cancel the authorization for it.
21
2.5.2View the History Information of Clients
You can click the client's MAC address to get its connection history or click the following tabs to
view the information of different types of clients:
All The page will display the history information of all the clients.
Blocked The page will display the clients that have been blocked.
All The page will display the history information of all clients.
Offline Only The page will display the history information of the offline clients.
22
You can execute the corresponding operation to the EAP by clicking an icon in the Action column:
You can execute the corresponding operation to the EAP by clicking an icon in the Action column:
Export and download the current Trusted Rogue APs list and save it on your PC.
23
Import a saved Trusted Rogue APs list. If the MAC address of an AP appears in list, it will
not be detected as a rogue AP.
24
2.9 View Alerts
You can see the status change of your EAPs on the Unarchived Alerts page. You can click or
to move unarchived alerts to the Archived Alerts page.
As follows, the Archived Alerts page displays the alerts archived by you. You can click or
to delete the records.
25
3 Configure the EAPs Globally
This chapter introduces the global configurations applied to all the managed EAPs. To configure a
specific EAP, please refer to Chapter 4 Configure the EAPs Separately.
Wireless Network
Access Control
Portal Authentication
MAC Filter
Scheduler
System
26
3.1 Wireless Network
In addition to the wireless network you created in Quick Start, you can add more wireless networks
and configure the advanced wireless parameters to improve the quality of the wireless network.
27
SSID Name Enter an SSID name contains up to 32 characters.
Wireless Vlan ID Set a VLAN ID for the wireless network. Wireless networks with the same VLAN ID
are grouped to a VLAN.
The value ranges from 0 to 4094. 0 means VLAN function is disabled.
SSID Broadcast With the option enabled, EAPs will broadcast the SSID to the nearby hosts, so that
those hosts can find the wireless network identified by this SSID. If this option is
disabled, users must enter the SSID manually to connect to the EAP.
Enabled by default.
Portal With the option enabled, the configurations in Portal will be applied. Portal
provides authentication service for the clients who just need temporary access to
the wireless network, such as the customers in shopping mall and restaurant.
Disabled by default.
SSID Isolation With the option enabled, the devices connected in the same SSID of the same AP
cannot communicate with each other.
Disabled by default.
Access Control Select an Access Control rule for this SSID. For more information, refer to Access
Control.
28
Following is the detailed introduction of WEP, WPA-Enterprise and WPA-PSK.
WEP
WEP is based on the IEEE 802.11 standard and less safe than WPA-Enterprise and WPA-PSK.
Note
WEP is not supported in 802.11n mode or 802.11ac mode. If WEP is applied in 802.11n, 802.11 ac or 802.11n/
ac mixed mode, the clients may not be able to access the wireless network. If WEP is applied in 11b/g/n mode
(2.4GHz) or 11a/n (5GHz), the EAP device may work at a low transmission rate.
Key Selected Select one key to specify. You can configure four keys at most.
WEP Key Format Select ASCII or Hexadecima as the WEP key format.
ASCII: ASCII format stands for any combination of keyboard characters of the
specified length.
Hexadecimal: Hexadecimal format stands for any combination of hexadecimal
digits (0-9, a-f, A-F) with the specified length.
Key Value Enter the WEP keys. The length and valid characters are affected by key type.
29
WPA-Enterprise
The WPA-Enterprise mode requires a RADIUS server to authenticate clients. Since the WPA-
Enterprise can generate different passwords for different clients, it is much safer than WPA-PSK.
However, it costs much more to maintain and is usually used by enterprise.
Radius Password Enter the shared secret key of the Radius server.
Group Key Update Specify a group key update period, which instructs the EAP how
Period often it should change the encryption keys. The value can be either 0
or 30~8640000 seconds. 0 means no change of the encryption key
anytime.
30
WPA-PSK
Based on a pre-shared key, WPA-PSK is characterized by high safety and simple settings and is
mostly used by common households and small businesses.
Group Key Specify a group key update period, which instructs the EAP how often it
Update Period should change the encryption keys. The value can be either 0 or 30~8640000
seconds. 0 means the encryption keys will not be changed all the time.
7.Enable Rate Limit for the clients to guarantee the network balance. Enter the value for Download
Limit and Upload Limit. 0 means unlimited.
31
3.1.2Configure Advanced Wireless Parameters
Proper wireless parameters can improve the network's stability, reliability and communication
efficiency. The advanced wireless parameters consist of Beacon Interval, DTIM Period, RTS
Threshold, Fragmentation Threshold and Airtime Fairness.
Beacon Interval Beacons are transmitted periodically by the EAP device to announce
the presence of a wireless network for the clients. Beacon Interval value
determines the time interval of the beacons sent by the device.
You can specify a value between 40 and 100ms. The default is 100ms.
DTIM Period The DTIM (Delivery Traffic Indication Message) is contained in some Beacon
frames. It indicates whether the EAP device has buffered data for client
devices. The DTIM Period indicates how often the clients served by this EAP
device should check for buffered data still on the EAP device awaiting pickup.
You can specify the value between 1-255 Beacon Intervals. The default value
is 1, indicating clients check for buffered data on the EAP device at every
beacon. An excessive DTIM interval may reduce the performance of multicast
applications, so we recommend you keep it by default.
RTS Threshold RTS (Request to Send) can ensure efficient data transmission. When RTS is
activated, the client will send a RTS packet to EAP to inform that it will send
data before it send packets. After receiving the RTS packet, the EAP notices
other clients in the same wireless network to delay their transmitting of data
and informs the requesting client to send data, thus avoiding the conflict
of packet. If the size of packet is larger than the RTS Threshold, the RTS
mechanism will be activated.
If you specify a low threshold value, RTS packets are sent more frequently
and help the network recover from interference or collisions that might occur
on a busy network. However, it also consumes more bandwidth and reduces
the throughput of the packet. We recommend you keep it by default. The
recommended and default value is 2347.
32
Fragmentation The fragmentation function can limit the size of packets transmitted over the
Threshold network. If a packet exceeds the Fragmentation Threshold, the fragmentation
function is activated and the packet will be fragmented into several packets.
Fragmentation helps improve network performance if properly configured.
However, too low fragmentation threshold may result in poor wireless
performance caused by the extra work of dividing up and reassembling of
frames and increased message traffic. The recommended and default value is
2346 bytes.
Airtime Fairness With this option enabled, each client connecting to the EAP can get the same
amount of time to transmit data, avoiding low-data-rate clients to occupy
too much network bandwidth and improving the network throughput. We
recommend you enable this function under multi-rate wireless networks.
33
3.Configure the following parameters to balance the clients on both frequency bands:
Connection When the number of clients on the 5GHz band reaches the value of
Threshold/Difference Connection Threshold and the difference value between the number
Threshold of clients on the 2.4GHz band and the 5GHz band reaches the value of
Difference Threshold, EAPs will refuse the requests of communication
on the 5GHz band from other clients and no longer steer other clients to
the 5GHz band.
The value of Connection Threshold is from 2 to 40, and the default is 20.
The value of Difference Threshold is from 1 to 8, and the default is 4.
Max Failures If a client repeatedly attempts to associate with the EAP on the 5GHz
band and the number of rejections reaches the value of Max Failures,
the EAP will accept the request.
The value is from 0 to 100, and the default is 10.
34
3.Configure the following parameters.
Rule Memebers Subnets: Clients of the subnet will be controlled by the rule. Enter the subnet
for this rule in the format X.X.X.X/X and click . Up to 16 subnets can be
added.
Except Subnets: Clients of the subnet will be controlled by the rule. Enter the
subnet that does not follow this rule in the format X.X.X.X/X and click .
Up to 16 subnets can be added.
The rule will not apply to the subnets that is in both the Subnets list and the
Except Subnets list.
5.Go to Wireless Settings > Basic Wireless Setting and enable Access Control function of a
selected SSID.
35
Five different types of authentication methods are available: No Authentication, Simple Password,
Hotspot, External Radius Server, and External Portal Server. Please refer to the following
instructions to configure Portal.
3.3.1No Authentication
When this option is selected, clients can access the network without any authentication and just
need to accept the term of use.
36
Authentication The client's authentication will expire after the time period you set and
Timeout the client needs to log in the web authentication page again to access the
network.
Options include 1 Hour, 8 Hours, 24 Hours, 7 Days, Custom. Custom allows
you to define the time in days, hours, and minutes. The default value is one
hour.
Redirect If you enable this function, the portal will redirect the newly authenticated
clients to the configured URL.
Disabled by default.
Redirect URL If the Redirect function above is enabled, enter the URL that a newly
authenticated client will be redirected to.
1.Configure the title and terms of the login page in the Portal Title and Term
of Use boxes.
2.Upload a logo image and a background image from your local PC.
3.Preview the login page.
3.3.2Simple Password
When this option is selected, clients are required to enter the password and accept the term of use.
37
Configure the following parameters and provide the required information.
Authentication The client's authentication will expire after the time period you set and
Timeout the client needs to log in the web authentication page again to access the
network.
Options include 1 Hour, 8 Hours, 24 Hours, 7 Days, Custom. Custom allows
you to define the time in days, hours, and minutes. The default value is one
hour.
Redirect If you enable this function, the portal will redirect the newly authenticated
clients to the configured URL.
Disabled by default.
Redirect URL If the Redirect function above is enabled, enter the URL that a newly
authenticated client will be redirected to.
1.Configure the title and terms of the login page in the Portal Title and Term
of Use boxes.
2.Upload a logo image and a background image from your local PC.
3.Preview the login page.
3.3.3Hotspot
With this feature, you can distribute the vouchers automatically generated by the EAP Controller to
the clients, who can use the vouchers to access the network. In addition, the clients that access the
network by hotspot authentication type can be managed by the hotspot manager.
38
Configure the following parameters and provide the required information.
Hotspot Manager Click Hotspot Manager to create vouchers and manage the hotspot
authentication.
For detailed instructions, please refer to the content below.
Redirect Disabled by default. If you enable this function, the portal will redirect the newly
authenticated clients to the configured URL.
Redirect URL If the Redirect function above is enabled, enter the URL that a newly
authenticated client will be redirected to.
1.Configure the title and terms of the login page in the Portal Title and Term of
Use boxes.
2.Upload a logo image and a background image from your local PC.
3.Preview the login page.
After you click Hotspot Manager, a new window will open automatically. On the page, you can
create and print Vouchers, manage the guests and create the Operator account to help manage
your network.
39
Create and Print Vouchers
Please follow these steps to create and print vouchers.
4.Click Apply. The Vouchers will be generated and displayed on the page.
40
5.Click or to print and save the Vouchers.
6.Distribute the Vouchers to clients, and then they can use the Code to pass authentication for
network access.
7.When the Vouchers are invalid, you can click to delete the Voucher or to delete all of
them.
41
Extend the effective time.
Note
The users who enter the hotspot administrative system by Operator account can only generate vouchers and
manage the clients.
4.Choose Site Privileges (You can choose more than one options) for the Operator account.
5.Click Apply to create an Operator account. Then other users can use this account to enter the
hotspot administrative system.
42
Configure the parameters and provide the required information as follows:
Radius Password Enter the password you have set on the Radius Server. Clients will be required to
enter the password when they attempt to access the network.
Authentication The client's authentication will expire after the time period you set and the client
Timeout needs to log in the web authentication page again to access the network.
Options include: 1 Hour, 8 Hours, 24 Hours, 7 Days, Custom. Custom allows you
to define the time in days, hours, and minutes. The default is one hour.
Redirect Disabled by default. If you enable this function, the portal will redirect the newly
authenticated clients to the configured URL.
Redirect URL If the Redirect function above is enabled, enter the URL that a newly
authenticated client will be redirected to.
43
Portal Customzation Select Local Web Portal or External Web Portal.
Local Web Portal: If this option is selected, configure the Login Page.
External Web Portal: If this option is selected, follow the steps below.
1.Configure the external radius server.
2.Enter the authentication login page's URL provided by the external portal
server on the page.
3.Put the external web portal server to a whitelist of Free Authentication Policy,
otherwise clients cannot access it before authenticated.
Login Page If you select Local Web Portal, customize the login page:
1.Configure the title and terms of the login page in the Portal Title and Term of
Use boxes.
2.Upload a logo image and a background image from your local PC.
3.Preview the login page.
Radius Server IP Enter the complete authentication URL that redirect to an external portal server,
for example:
http://192.168.0.147:8880/portal/index.php or http://192.168.0.147/portal/index.
html
44
3.4 Free Authentication Policy
Free Authentication Policy allows some specified clients to access the network resources without
authentication. Follow the steps below to add free authentication policy.
3.Configure the following parameters. When all conditions are met, the client can access the
network without authentication.
Source IP Range Set the Source IP Range with the subnet and mask length of the clients.
Destination IP Range Set the Destination IP Range with the subnet and mask length of the server.
45
1.Go to Wireless Control > MAC Filter to add MAC Filter group and group members.
2 )Click Apply and the group will be successfully added as shown below.
4 )Click Apply to add the MAC address into the MAC filter group.
46
3.Go to Wireless Control > MAC Filter Association to associate the added MAC Filter group with
SSID.
1 )Check the box and click Apply to enable MAC Filtering function.
3 )In the MAC Filter Name column of the specified SSID, select a MAC Filter group in the drop-
down list. Then select Allow/Deny in the Action column to allow/deny the clients in the MAC
Filter group to access the network.
3.6 Scheduler
With the Scheduler, the EAPs or its wireless network can automatically turn on or off at the time you
set. For example, you can use this feature to schedule the radio to operate only during the office
working time in order to achieve security goals and reduce power consumption. You can also use
the Scheduler to make clients can only access the wireless network during the time period you set
in the day.
47
2 )Click Apply and the profile will be added.
2 )Select Associated with SSID (the profile will be applied to the specific SSID on all the EAPs)
or Associated with AP (the profile will be applied to all SSIDs on the specific EAP). Then click
Apply.
48
3 )Select a band frequency (2.GHz or 5GHz) and a WLAN group.
4 )In the Profile Name column of the specified SSID or AP, select a profile you added before in
the drop-down list. Select Radio Off/Radio On to turn on or off the wireless network during
the time interval set for the profile.
3.7 QoS
The EAP Controller software allows you to configure the quality of service (QoS) on the EAP device
for optimal throughput and performance when handling differentiated wireless traffic, such as
Voice-over-IP (VoIP), other types of audio, video, streaming media, and traditional IP data.
To configure QoS on the EAP device, you should set parameters on the transmission queues for
different types of wireless traffic and specify minimum and maximum wait times (through contention
windows) for transmission. In normal use, we recommend you keep the default values for the EAP
devices and station EDCA (Enhanced Distributed Channel Access).
49
2.Enable or disable the following features.
Wi-Fi Multimedia (WMM) By default enabled. With WMM enabled, the EAP devices have the QoS
function to guarantee the high priority of the transmission of audio and
video packets.
If 802.11n only mode is selected in 2.4GHz (or 802.11n only, 802.11ac
only, or 802.11 n/ac mixed mode in 5GHz), the WMM should be enabled. If
WMM is disabled, the 802.11n only mode cannot be selected in 2.4GHz (or
802.11n only, 802.11ac only, or 802.11 n/ac mixed mode in 5GHz).
NoAcknowledgement By default disabled. You can enable this function to specify that
the EAP devices should not acknowledge frames with QosNoAck.
NoAcknowledgement is recommended if VoIP phones access the network
through the EAP device.
3.Click AP EDCA Parameters and the following page will appear. AP EDCA parameters affect
traffic flowing from the EAP device to the client station. We recommend you use the defaults.
Queue Queue displays the transmission queue. By default, the priority from high
to low is Data 0, Data 1, Data 2, and Data 3. The priority may be changed if
you reset the EDCA parameters.
Data 0 (Voice)Highest priority queue, minimum delay. Time-sensitive
data such as VoIP and streaming media are automatically sent to this
queue.
Data 1 (Video)High priority queue, minimum delay. Time-sensitive video
data is automatically sent to this queue.
Data 2 (Best Effort)Medium priority queue, medium throughput and
delay. Most traditional IP data is sent to this queue.
Data 3 (Background)Lowest priority queue, high throughput. Bulk data
that requires maximum throughput and is not time-sensitive is sent to this
queue (FTP data, for example).
Arbitration Inter- A wait time for data frames. The wait time is measured in slots. Valid values
Frame Space for Arbitration Inter-Frame Space are from 0 to 15.
Minimum Contention A list to the algorithm that determines the initial random backoff wait time
Window (window) for retry of a transmission.
This value can not be higher than the value for the Maximum Contention
Window.
50
Maximum Contention The upper limit (in milliseconds) for the doubling of the random backoff
Window value. This doubling continues until either the data frame is sent or the
Maximum Contention Window size is reached.
This value must be higher than the value for the Minimum Contention
Window.
Maximum Burst Maximum Burst specifies the maximum burst length allowed for packet
bursts on the wireless network. A packet burst is a collection of multiple
frames transmitted without header information. The decreased overhead
results in higher throughput and better performance.
4.Click Station EDCA Parameters and the following page will appear. Station EDCA parameters
affect traffic flowing from the client station to the EAP device. We recommend you use the
defaults.
Queue Queue displays the transmission queue. By default, the priority from high
to low is Data 0, Data 1, Data 2, and Data 3. The priority may be changed if
you reset the EDCA parameters.
Data 0 (Voice)Highest priority queue, minimum delay. Time-sensitive
data such as VoIP and streaming media are automatically sent to this
queue.
Data 1 (Video)High priority queue, minimum delay. Time-sensitive video
data is automatically sent to this queue.
Data 2 (Best Effort)Medium priority queue, medium throughput and
delay. Most traditional IP data is sent to this queue.
Data 3 (Background)Lowest priority queue, high throughput. Bulk data
that requires maximum throughput and is not time-sensitive is sent to this
queue (FTP data, for example).
Arbitration Inter- A wait time for data frames. The wait time is measured in slots. Valid values
Frame Space for Arbitration Inter-Frame Space are from 0 to 15.
Minimum Contention A list to the algorithm that determines the initial random backoff wait time
Window (window) for retry of a transmission. This value can not be higher than the
value for the Maximum Contention Window.
Maximum Contention The upper limit (in milliseconds) for the doubling of the random backoff
Window value. This doubling continues until either the data frame is sent or the
Maximum Contention Window size is reached.
This value must be higher than the value for the Minimum Contention
Window.
51
TXOP Limit The TXOP Limit is a station EDCA parameter and only applies to traffic
flowing from the client station to the EAP device. The Transmission
Opportunity (TXOP) is an interval of time, in milliseconds, when a WME
client station has the right to initiate transmissions onto the wireless
medium (WM) towards the EAP device. The valid values are multiples of 32
between 0 and 8192.
3.8 System
3.8.1Reboot Schedule
You can reboot all the EAPs in the network periodically as needed. Follow the steps below to
configure Reboot Schedule.
3.Choose Daily, Weekly or Monthly in the Timing Mode drop-down list and set a specific time to
reboot the EAPs.
3.8.2Log Setting
Follow the steps below to choose the way to receive system logs.
2.Check the box to choose the way to receive system logs (you can choose more than one) and
52
click Apply to save the configurations. Three ways are available: Auto Mail Feature, Server and
Nvram.
Enable You can check the box to enable mail server authentication. Enter the sender's
Authentication mail account name and password.
Time Mode Select Time Mode. System logs can be sent at specific time or time interval.
Fixation Time If you select Fixation Time, specify a fixed time to send the system log mails. For
example, 08:30 indicates that the mail will be sent at 8:30 am everyday.
Period Time If you select Period Time, specify a period time to regularly send the system log
mail. For example, 6 indicates that the mail will be sent every six hours.
Server
If Server is enabled, system logs will be sent to a server. You can enable the feature and enter its IP
address and port.
53
Nvram
Nvram (Non-volatile Random Access Memory) is a RAM that can still save data even if a device is
power off. All TP-Link EAPs are equipped with Nvram. With this option enabled, the Nvram feature
can help reserve the system logs when an EAP device is power off.
3.8.3Device Account
When the EAP devices are adopted at the first time, their username and password will become the
same as those of the EAP Controller which are specified at Basic Configurations. You can specify a
new username and password for the adopted EAPs in batches.
Follow the steps below to change EAP devices' username and password.
Note :
The new account will be applied to EAP devices but not the EAP Controller. To change the EAP Controller's us-
ername and password, please refer to User Account.
3.8.4LED
Follow the steps below to turn on or off the LED lights of the EAPs.
2.By default, the LED lights are on. You can check the box to change the light status.
54
3.8.5SSH
You can login to the EAP Controller via SSH. Deploy an SSH server on your network and follow the
steps below to configure SSH on the EAP Controller:
4.Click Apply.
3.8.6Management VLAN
Management VLAN provides a safer way for you to manage the EAP. With Management VLAN
enabled, only the hosts in the management VLAN can manage the EAP. Since most hosts cannot
process VLAN TAGs, connect the management host to the network via a switch, and set up correct
VLAN settings for the switches on the network to ensure the communication between the host and
the EAP in the management VLAN.
4.Click Apply.
55
3.8.7Backup&Restore
You can save the current configuration of the EAPs as a backup file and if necessary, and restore
the configuration using the backup file. We recommend you back up the settings before upgrading
the device.
3.If necessary, click Browse to locate and choose the backup file. Then click Restore to restore
the configuration.
3.8.8Batch Upgrade
Follow the steps below to upgrade the EAP devices in batches according to their model.
4.Click Browse to locate and choose the proper firmware file for the model.
Note :
To avoid damage, please do not turn off the device while upgrading.
56
4 Configure the EAPs Separately
In addition to global configuration, you can configure the EAPs separately and the configuration
results will be applied to a specified EAP device.
To configure a specified EAP, please click the EAP's name on the Access Points tab or click of
connected EAP on the map. Then you can view the EAP's detailed information and configure the
EAP on the pop-up window.
57
4.1 View the Information of the EAP
4.1.1Overview
Click Overview to view the basic information including EAP's MAC address (or name you set), IP
address, model, firmware version, the usage rate of CPU and Memory and uptime (indicates how
long the EAP has been running without interruption).
4.1.2LAN
Click LAN to view the traffic information of the LAN port, including the total number of packets, the
total size of data, the total number of packets loss, and the total size of error data in the process of
receiving and transmitting data.
58
4.1.3Radio
Click Radio to view the radio information including the frequency band, the wireless mode, the
channel width, the channel, and the transmitting power. At 2.4GHz, you can also view parameters of
receiving/transmitting data.
59
4.2.2Guest
The Guest page displays the information of clients connecting to the SSID with Portal enabled,
including their MAC addresses and connected SSIDs. You can click the client's MAC address to get
its connection history.
4.3.1Basic Config
Here you can change the name of the EAP.
60
4.3.2IP Setting
You can configure an IP address for this EAP. Two options are provided: DHCP and Static.
3.Enable the Fallback IP feature. When the device cannot get a dynamic IP address, the fallback IP
address will be used.
4.Set IP address, IP mask and gateway for the fallback address and click Apply.
2.Set the IP address, IP mask and gateway for the static address and click Apply.
4.3.3Radio
Radio settings directly control the behavior of the radio in the EAP device and its interaction with
the physical medium; that is, how and what type of signal the EAP device emits.
Select the frequency band (2.4GHz/5GHz) and configure the following parameters.
61
Status Enabled by default. If you disable the option, the radio on the frequency band
will turn off.
Channel Select the channel used by the EAP device to improve wireless performance.
The range of available channels is determined by the radio mode and the
country setting. If you select Auto for the channel setting, the EAP device
scans available channels and selects a channel where the least amount of
traffic is detected.
Tx Power Select the TX Power (transmit power) in the 4 options: Low, Medium, High and
Custom. Low, Medium and High are based on the Max TxPower (maximum
transmit power. It may vary among different countries and regions).
Low: Max TxPower * 20% (round off the value)
Medium: Max TxPower * 60% (round off the value)
High: Max TxPower
Custom: Enter a value manually.
62
4.3.4Load Balance
By setting the maximum number of clients accessing the EAPs, Load Balance helps to achieve
rational use of network resources.
Max Associated Enable this function and specify the maximum number of connected clients. While
Clients more clients requesting to connect, the EAP will disconnect those with weaker
signals.
RSSI Threshold Enable this function and enter the threshold of RSSI (Received Signal Strength
Indication). When the clients' signal is weaker than the RSSI Threshold you've set,
the clients will be disconnected from the EAP.
4.3.5WLANs
You can specify a different SSID name and password to override the previous SSID. After that,
clients can only see the new SSID and use the new password to access the network. Follow the
steps below to override the SSID.
63
3.Check the box to enable the feature.
4.You can join the overridden SSID in to a VLAN. Check the Use VLAN ID box and specify a VLAN
ID.
4.3.6Trunk Settings
Only EAP330 supports this function.
The trunk function can bundles multiple Ethernet links into a logical link to increase bandwidth and
improve network reliability.
4.3.7Rouge AP Detection
With this option enabled, the EAP device will detect rouge APs in all channels.
64
4.3.8Forget this AP
If you no longer want to manage this EAP, you may remove it. All the configurations and history
about this EAP will be deleted. It is recommended to back up the configurations of this EAP before
you forget it.
This feature is used to add the EAP to a specific VLAN. With this feature enabled, the hosts
connected to this EAP can only communicate with the devices in the same VLAN.
Mode Specify the VLAN that the EAP is added to. The valid values are from 1 to 4094,
and the default is 1.
65
5 Manage the EAP Controller
This chapter mainly introduces how to manage the user account and configure system settings.
This chapter includes the following contents.
User Account
Controller Settings
66
5.1 Information About the Software
You can view the EAP Controller's version and copyright information on the About page.
Administrator The first administrator account is created in the Basic Configuration process
and this account can not be deleted. An administrator can change the settings
of the EAP network and create and delete user accounts.
67
2.Click and the following window will pop up.
If you select operator or observer, you also need to select the Site Privileges.
If you select administrator, the Site Privileges option will not appear and all sites are available for
the administrator user.
Note
You can refer to the Role page to view the user role's type, description information, permission scope and cre-
ated time.
68
5.3.2Configure Mail Server
With the Mail Server, you can reset the password of the user account and receive notifications from
the EAP Controller. It is different from the SMTP Server, which is just for the syslog emails sending.
2.Click Mail Server, check the box to enable SMTP Server, and then the following screen will
appear.
Username/Password If you enable authentication, enter the username and password required by
the mail server.
Specify Sender Specify the sender's mail address. Enter the email address that will appear
Address as the sender of the warning email.
Note
Specify the account email address based on the Mail server to receive the notifications.
69
6 Application Example
A restaurant has a wireless network with three EAPs managed by the EAP Controller. The network
administrator wants to :
Enable Portal function to drive customers' attention to the ads of the supermarket when
customers attempt to access the network. The costumers need to use a simple password to
pass the authentication.
Allow the employees of the restaurant to access the network resources without portal
authentication.
Schedule the radio to operate only during the working time (8:00 am to 22:00 pm) in order to
reduce power consumption.
70
6.1 Basic Configuration
Follow the steps below to do the basic configuration.
EAP Controller
EAPs
3.Launch the software and follow the instructions to complete some initial configurations.
4.Click Coverage and you can see the representation of the EAPs wireless coverage.
71
6.2.2Configure Portal Authentication
Follow the steps below to configure Portal function.
2 )Select the Authentication Timeout. For example, 1 Hour is suitable for the customers at the
restaurant.
72
3 )Enable the Redirect to drive the costumers to the restaurant's homepage after successful
login. We can put some promotion information on the page.
3.Click Preview Login Page and you can preview the login page for the customers.
4.Go to Basic Wireless Settings and edit the SSID we created in the basic configuration.
73
1 )To make it easier for customers to connect, change the Security Mode from WPA-PSK to
None. Customers can connect to the EAPs without password and be redirected to the Portal
Authentication where the correct password will be required.
2 )Enable Portal.
1 )Disable the SSID Broadcast to hide this SSID from the customers.
2 )Specify the SSID Name, Security Mode and Wireless Password. Let the employees manually
enter the SSID name and password, and choose the security mode you set to access the
network.
74
6.2.4Configure Scheduler
Follow the steps below to schedule the radio to operate only during the working time (from 8:00 to
22:00).
1 )Add a profile.
2 )Add an item for the profile. The parameters are set as shown on the following screen.
1 )Enable the function and select Associated with SSID. Click Apply.
2 )In the Profile Name column of both SSIDs, select the profile we just created.
75